Re: [HERT] Advisory #002 Buffer overflow in lsof

[leb () NASIRC HQ NASA GOV (Lee Brotzman)]

> On Fri, 19 Feb 1999, Mariusz Marcinkiewicz wrote:
>
> > On Thu, 18 Feb 1999, Don Lewis wrote:
> >
> > > ... or are there systems that give group kmem write privileges?  If so,
> > > I'd say that's a security hole.
> >
> > Yes, you are right... but... I saw that hole after installing new linx and
> > checked it's security. First I was suprised but not for a long time.
> > In a few mins I noticed all linux versions are chown .kmem; chmod g+s
> > lsof...  on linux /dev/kmem is +w for gid kmem, on bsd too (probably, I
>
> Sorry, no go.  FreeBSD 2.2-STABLE and 4.0-CURRENT, the two versions I
> have sitting around, have the following permissions on /dev/kmem:
>
> crw-r-----  1 root  kmem    2,   1 Mar  7  1998 /dev/kmem
>
> Please verify claims such as these before posting them.

I have to agree.  On my installation of Caldera OpenLinux 1.2, I see the
following:

$ ls -l /usr/sbin/lsof
-rwxr-xr-x   1 root     root        72492 Jan  7  1998 /usr/sbin/lsof
$ ls -l /dev/kmem
crw-r-----   1 root     kmem       1,   2 Jul 29  1998 /dev/kmem

No SetGID on lsof, no +w on /dev/kmem.  For the claim of "all linux versions",
just which linux versions were you talking about?


--
-- Lee E. Brotzman, NASA Automated Incident Response Capability (NASIRC)
-- Phone: 814-861-5028  Fax: 814-861-3806  Email: leb () nasirc hq nasa gov